X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/338a82b57f928abe592145115f990d63b9e787d0..348683aa59f63ac110c129f808c91fc3156ee14f:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index c7214e4..1b9ad5a 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -3,9 +3,9 @@ * * This file is part of x3. * - * srvx is free software; you can redistribute it and/or modify + * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -20,15 +20,19 @@ #include "chanserv.h" #include "conf.h" +#include "config.h" #include "global.h" #include "modcmd.h" #include "opserv.h" /* for gag_create(), opserv_bad_channel() */ #include "saxdb.h" #include "sendmail.h" #include "timeq.h" +#include "x3ldap.h" -#ifdef HAVE_REGEX_H -#include +#include + +#ifdef WITH_LDAP +#include #endif #define NICKSERV_CONF_NAME "services/nickserv" @@ -44,11 +48,13 @@ #define KEY_VALID_HANDLE_REGEX "valid_handle_regex" #define KEY_VALID_ACCOUNT_REGEX "valid_account_regex" #define KEY_VALID_NICK_REGEX "valid_nick_regex" +#define KEY_VALID_FAKEHOST_REGEX "valid_fakehost_regex" #define KEY_DB_BACKUP_FREQ "db_backup_freq" #define KEY_MODOPER_LEVEL "modoper_level" #define KEY_SET_EPITHET_LEVEL "set_epithet_level" #define KEY_SET_TITLE_LEVEL "set_title_level" #define KEY_SET_FAKEHOST_LEVEL "set_fakehost_level" +#define KEY_DENIED_FAKEHOST_WORDS "denied_fakehost_words" #define KEY_TITLEHOST_SUFFIX "titlehost_suffix" #define KEY_AUTO_OPER "auto_oper" #define KEY_AUTO_ADMIN "auto_admin" @@ -78,6 +84,7 @@ #define KEY_PASSWD "passwd" #define KEY_NICKS "nicks" #define KEY_MASKS "masks" +#define KEY_IGNORES "ignores" #define KEY_OPSERV_LEVEL "opserv_level" #define KEY_FLAGS "flags" #define KEY_REGISTER_ON "register" @@ -104,12 +111,31 @@ #define KEY_NOTE_NOTE "note" #define KEY_NOTE_SETTER "setter" #define KEY_NOTE_DATE "date" - +#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase" + +#define KEY_LDAP_ENABLE "ldap_enable" + +#ifdef WITH_LDAP +#define KEY_LDAP_URI "ldap_uri" +#define KEY_LDAP_BASE "ldap_base" +#define KEY_LDAP_DN_FMT "ldap_dn_fmt" +#define KEY_LDAP_VERSION "ldap_version" +#define KEY_LDAP_AUTOCREATE "ldap_autocreate" +#define KEY_LDAP_ADMIN_DN "ldap_admin_dn" +#define KEY_LDAP_ADMIN_PASS "ldap_admin_pass" +#define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account" +#define KEY_LDAP_FIELD_PASSWORD "ldap_field_password" +#define KEY_LDAP_FIELD_EMAIL "ldap_field_email" +#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" +#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" +#define KEY_LDAP_TIMEOUT "ldap_timeout" +#endif #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" #define NICKSERV_FUNC(NAME) MODCMD_FUNC(NAME) -#define OPTION_FUNC(NAME) int NAME(struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[]) +#define OPTION_FUNC(NAME) int NAME(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[]) typedef OPTION_FUNC(option_func_t); DEFINE_LIST(handle_info_list, struct handle_info*); @@ -125,6 +151,7 @@ struct userNode *nickserv; struct userList curr_helpers; const char *handle_flags = HANDLE_FLAGS; +extern struct string_list *autojoin_channels; static struct module *nickserv_module; static struct service *nickserv_service; static struct log_type *NS_LOG; @@ -137,12 +164,17 @@ static dict_t nickserv_email_dict; /* contains struct handle_info_list*, indexed static char handle_inverse_flags[256]; static unsigned int flag_access_levels[32]; static const struct message_entry msgtab[] = { + { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." }, { "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." }, - { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."}, + { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."}, { "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." }, { "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." }, { "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." }, { "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." }, + { "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." }, + { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." }, { "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." }, { "NSMSG_OREGISTER_VICTIM", "%s has registered a new account for you (named %s)." }, { "NSMSG_OREGISTER_H_SUCCESS", "Account has been registered." }, @@ -173,7 +205,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_ATE_FOREIGN_COOKIE", "I ate the cookie for account $b%s$b. It may now have another." }, { "NSMSG_USE_RENAME", "You are already authenticated to account $b%s$b -- contact the support staff to rename your account." }, { "NSMSG_ALREADY_REGISTERING", "You have already used $bREGISTER$b once this session; you may not use it again." }, - { "NSMSG_REGISTER_BAD_NICKMASK", "Could not recognize $b%s$b as either a current nick or a hostmask." }, + { "NSMSG_REGISTER_BAD_NICKMASK", "You must provide a hostmask, or online nick to generate one automatically. (or set a default hostmask in the config such as *@*)." }, { "NSMSG_NICK_NOT_REGISTERED", "Nick $b%s$b has not been registered to any account." }, { "NSMSG_HANDLE_NOT_FOUND", "Could not find your account -- did you register yet?" }, { "NSMSG_ALREADY_AUTHED", "You are already authed to account $b%s$b; you must reconnect to auth to a different account." }, @@ -183,13 +215,14 @@ static const struct message_entry msgtab[] = { { "NSMSG_USER_PREV_AUTH", "$b%s$b is already authenticated." }, { "NSMSG_USER_PREV_STAMP", "$b%s$b has authenticated to an account once and cannot authenticate again." }, { "NSMSG_BAD_MAX_LOGINS", "MaxLogins must be at most %d." }, + { "NSMSG_BAD_ADVANCED", "Advanced must be either 1 to enable it or 0 to disable it." }, { "NSMSG_LANGUAGE_NOT_FOUND", "Language $b%s$b is not supported; $b%s$b was the closest available match." }, { "NSMSG_MAX_LOGINS", "Your account already has its limit of %d user(s) logged in." }, { "NSMSG_STAMPED_REGISTER", "You have already authenticated to an account once this session; you may not register a new account." }, { "NSMSG_STAMPED_AUTH", "You have already authenticated to an account once this session; you may not authenticate to another." }, { "NSMSG_STAMPED_RESETPASS", "You have already authenticated to an account once this session; you may not reset your password to authenticate again." }, { "NSMSG_STAMPED_AUTHCOOKIE", "You have already authenticated to an account once this session; you may not use a cookie to authenticate to another account." }, - { "NSMSG_TITLE_INVALID", "Titles cannot contain any dots; please choose another." }, + { "NSMSG_TITLE_INVALID", "Titles may contain only a-z, A-Z, 0-9, and '-'. Please choose another." }, { "NSMSG_TITLE_TRUNCATED", "That title combined with the user's account name would result in a truncated host; please choose a shorter title." }, { "NSMSG_FAKEHOST_INVALID", "Fake hosts must be shorter than %d characters and cannot start with a dot." }, { "NSMSG_HANDLEINFO_ON", "$bAccount Information for %s$b" }, @@ -214,6 +247,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" }, { "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" }, { "NSMSG_HANDLEINFO_MASKS", "Hostmask(s): %s" }, + { "NSMSG_HANDLEINFO_IGNORES", "Ignore(s): %s" }, { "NSMSG_HANDLEINFO_CHANNELS", "Channel(s): %s" }, { "NSMSG_HANDLEINFO_CURRENT", "Current nickname(s): %s" }, { "NSMSG_HANDLEINFO_DNR", "Do-not-register (by %s): %s" }, @@ -240,6 +274,8 @@ static const struct message_entry msgtab[] = { { "NSMSG_MASK_INVALID", "$b%s$b is an invalid hostmask." }, { "NSMSG_ADDMASK_ALREADY", "$b%s$b is already a hostmask in your account." }, { "NSMSG_ADDMASK_SUCCESS", "Hostmask %s added." }, + { "NSMSG_ADDIGNORE_ALREADY", "$b%s$b is already an ignored hostmask in your account." }, + { "NSMSG_ADDIGNORE_SUCCESS", "Hostmask %s added." }, { "NSMSG_DELMASK_NOTLAST", "You may not delete your last hostmask." }, { "NSMSG_DELMASK_SUCCESS", "Hostmask %s deleted." }, { "NSMSG_DELMASK_NOT_FOUND", "Unable to find mask to be deleted." }, @@ -266,7 +302,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." }, { "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." }, { "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." }, - { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, + { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." }, { "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, { "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." }, { "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." }, @@ -294,11 +330,12 @@ static const struct message_entry msgtab[] = { { "NSMSG_SET_PRIVMSG", "$bPRIVMSG: $b%s" }, { "NSMSG_SET_STYLE", "$bSTYLE: $b%s" }, { "NSMSG_SET_ANNOUNCEMENTS", "$bANNOUNCEMENTS: $b%s" }, - { "NSMSG_SET_AUTOHIDE", "$bAUTOHIDE: $b%s" }, + { "NSMSG_SET_AUTOHIDE", "$bAUTOHIDE: $b%s" }, { "NSMSG_SET_PASSWORD", "$bPASSWORD: $b%s" }, { "NSMSG_SET_FLAGS", "$bFLAGS: $b%s" }, { "NSMSG_SET_EMAIL", "$bEMAIL: $b%s" }, { "NSMSG_SET_MAXLOGINS", "$bMAXLOGINS: $b%d" }, + { "NSMSG_SET_ADVANCED", "$bADVANCED: $b%s" }, { "NSMSG_SET_LANGUAGE", "$bLANGUAGE: $b%s" }, { "NSMSG_SET_LEVEL", "$bLEVEL: $b%d" }, { "NSMSG_SET_EPITHET", "$bEPITHET: $b%s" }, @@ -352,64 +389,22 @@ static const struct message_entry msgtab[] = { { "NSEMAIL_EMAIL_VERIFY_BODY", "This email has been sent to verify that this address belongs to the same person as %5$s on %1$s. Your cookie is %2$s.\nTo verify your address as associated with this account, log on to %1$s and type the following command:\n /msg %3$s@%4$s COOKIE %5$s %2$s\nIf you did NOT request this email address to be associated with this account, you do not need to do anything. Please contact the %1$s staff if you have questions." }, { "NSEMAIL_ALLOWAUTH_SUBJECT", "Authentication allowed for %s" }, { "NSEMAIL_ALLOWAUTH_BODY", "This email has been sent to let you authenticate (auth) to account %5$s on %1$s. Your cookie is %2$s.\nTo auth to that account, log on to %1$s and type the following command:\n /msg %3$s@%4$s COOKIE %5$s %2$s\nIf you did NOT request this authorization, you do not need to do anything. Please contact the %1$s staff if you have questions." }, + { "NSMSG_NOT_VALID_FAKEHOST_DOT", "$b%s$b is not a valid vhost. (needs at least one dot)" }, + { "NSMSG_NOT_VALID_FAKEHOST_AT", "$b%s$b is not a valid vhost. (it can not have a '@')" }, + { "NSMSG_DENIED_FAKEHOST_WORD", "Access denied because there's a prohibited word in $b%s$b (%s)." }, + { "NSMSG_NOT_VALID_FAKEHOST_LEN", "$b%s$b is not a valid vhost. (can only be 63 characters)" }, + { "NSMSG_NOT_VALID_FAKEHOST_TLD_LEN", "$b%s$b is not a valid vhost. (TLD can only be 4 characters and less)" }, + { "NSMSG_NOT_VALID_FAKEHOST_REGEX", "$b%s$b is not allowed by the admin, consult the valid vhost regex pattern in the config file under nickserv/valid_fakehost_regex." }, { "CHECKPASS_YES", "Yes." }, { "CHECKPASS_NO", "No." }, + { "NSMSG_DEFCON_NO_NEW_NICKS", "You cannot register new %s at this time, please try again soon" }, { NULL, NULL } }; -enum reclaim_action { - RECLAIM_NONE, - RECLAIM_WARN, - RECLAIM_SVSNICK, - RECLAIM_KILL -}; static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action); static void nickserv_reclaim_p(void *data); -static struct { - unsigned int disable_nicks : 1; - unsigned int valid_handle_regex_set : 1; - unsigned int valid_nick_regex_set : 1; - unsigned int autogag_enabled : 1; - unsigned int email_enabled : 1; - unsigned int email_required : 1; - unsigned int default_hostmask : 1; - unsigned int warn_nick_owned : 1; - unsigned int warn_clone_auth : 1; - unsigned int sync_log : 1; - unsigned long nicks_per_handle; - unsigned long password_min_length; - unsigned long password_min_digits; - unsigned long password_min_upper; - unsigned long password_min_lower; - unsigned long db_backup_frequency; - unsigned long handle_expire_frequency; - unsigned long autogag_duration; - unsigned long email_visible_level; - unsigned long cookie_timeout; - unsigned long handle_expire_delay; - unsigned long nochan_handle_expire_delay; - unsigned long modoper_level; - unsigned long set_epithet_level; - unsigned long set_title_level; - unsigned long set_fakehost_level; - unsigned long handles_per_email; - unsigned long email_search_level; - const char *network_name; - const char *titlehost_suffix; - regex_t valid_handle_regex; - regex_t valid_nick_regex; - dict_t weak_password_dict; - struct policer_params *auth_policer_params; - enum reclaim_action reclaim_action; - enum reclaim_action auto_reclaim_action; - unsigned long auto_reclaim_delay; - unsigned char default_maxlogins; - unsigned char hard_maxlogins; - const char *auto_oper; - const char *auto_admin; - char default_style; -} nickserv_conf; +struct nickserv_config nickserv_conf; /* We have 2^32 unique account IDs to use. */ unsigned long int highest_id = 0; @@ -442,45 +437,14 @@ register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long { struct handle_info *hi; -#ifdef WITH_PROTOCOL_BAHAMUT - char id_base64[IDLEN + 1]; - do - { - /* Assign a unique account ID to the account; note that 0 is - an invalid account ID. 1 is therefore the first account ID. */ - if (!id) { - id = 1 + highest_id++; - } else { - /* Note: highest_id is and must always be the highest ID. */ - if(id > highest_id) { - highest_id = id; - } - } - inttobase64(id_base64, id, IDLEN); - - /* Make sure an account with the same ID doesn't exist. If a - duplicate is found, log some details and assign a new one. - This should be impossible, but it never hurts to expect it. */ - if ((hi = dict_find(nickserv_id_dict, id_base64, NULL))) { - log_module(NS_LOG, LOG_WARNING, "Duplicated account ID %lu (%s) found belonging to %s while inserting %s.", id, id_base64, hi->handle, handle); - id = 0; - } - } while(!id); -#endif - hi = calloc(1, sizeof(*hi)); - hi->userlist_style = HI_DEFAULT_STYLE; + hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE; hi->announcements = '?'; hi->handle = strdup(handle); safestrncpy(hi->passwd, passwd, sizeof(hi->passwd)); hi->infoline = NULL; dict_insert(nickserv_handle_dict, hi->handle, hi); -#ifdef WITH_PROTOCOL_BAHAMUT - hi->id = id; - dict_insert(nickserv_id_dict, strdup(id_base64), hi); -#endif - return hi; } @@ -553,14 +517,8 @@ free_handle_info(void *vhi) { struct handle_info *hi = vhi; -#ifdef WITH_PROTOCOL_BAHAMUT - char id[IDLEN + 1]; - - inttobase64(id, hi->id, IDLEN); - dict_remove(nickserv_id_dict, id); -#endif - free_string_list(hi->masks); + free_string_list(hi->ignores); assert(!hi->users); while (hi->nicks) @@ -584,12 +542,26 @@ free_handle_info(void *vhi) static void set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp); -static void +static int nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, struct userNode *bot) { unsigned int n; struct userNode *uNode; +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) { + if(notify) { + send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + } + if(rc != LDAP_NO_SUCH_OBJECT) + return false; /* if theres noone there to delete, its kinda ok, right ?:) */ + } + } + } +#endif for (n=0; nusers) { @@ -611,6 +583,7 @@ nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, stru SyncLog("UNREGISTER %s", hi->handle); dict_remove(nickserv_handle_dict, hi->handle); + return true; } struct handle_info* @@ -702,8 +675,16 @@ is_valid_handle(const char *handle) static int is_registerable_nick(const char *nick) { - /* make sure it could be used as an account name */ - if (!is_valid_handle(nick)) + struct userNode *user; + /* cant register a juped nick/service nick as nick, to prevent confusion */ + user = GetUserH(nick); + if (user && IsLocal(user)) + return 0; + /* for consistency, only allow nicks names that could be nicks */ + if (!is_valid_nick(nick)) + return 0; + /* disallow nicks that look like bad words */ + if (opserv_bad_channel(nick)) return 0; /* check length */ if (strlen(nick) > NICKLEN) @@ -778,7 +759,7 @@ smart_get_handle_info(struct userNode *service, struct userNode *user, const cha } int -oper_outranks(struct userNode *user, struct handle_info *hi) { +oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) { if (user->handle_info->opserv_level > hi->opserv_level) return 1; if (user->handle_info->opserv_level == hi->opserv_level) { @@ -790,12 +771,12 @@ oper_outranks(struct userNode *user, struct handle_info *hi) { return 1; } } - send_message(user, nickserv, "MSG_USER_OUTRANKED", hi->handle); + reply("MSG_USER_OUTRANKED", hi->handle); return 0; } -static struct handle_info * -get_victim_oper(struct userNode *user, const char *target) +struct handle_info * +get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target) { struct handle_info *hi; if (!(hi = smart_get_handle_info(nickserv, user, target))) @@ -804,7 +785,7 @@ get_victim_oper(struct userNode *user, const char *target) send_message(user, nickserv, "MSG_OPER_SUSPENDED"); return 0; } - return oper_outranks(user, hi) ? hi : NULL; + return oper_outranks(cmd, user, hi) ? hi : NULL; } static int @@ -909,11 +890,28 @@ reg_handle_rename_func(handle_rename_func_t func) static char * generate_fakehost(struct handle_info *handle) { + struct userNode *target; extern const char *hidden_host_suffix; static char buffer[HOSTLEN+1]; + char *data; + int style = 1; if (!handle->fakehost) { - snprintf(buffer, sizeof(buffer), "%s.%s", handle->handle, hidden_host_suffix); + data = conf_get_data("server/hidden_host_type", RECDB_QSTRING); + if (data) + style = atoi(data); + + if (style == 1) + snprintf(buffer, sizeof(buffer), "%s.%s", handle->handle, hidden_host_suffix); + else if (style == 2) { + /* Due to the way fakehost is coded theres no way i can + get the exact user, so for now ill just take the first + authed user. */ + for (target = handle->users; target; target = target->next_authed) + break; + + snprintf(buffer, sizeof(buffer), "%s", target->crypthost); + } return buffer; } else if (handle->fakehost[0] == '.') { /* A leading dot indicates the stored value is actually a title. */ @@ -987,10 +985,8 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) if (hi && !hi->users && !hi->opserv_level) HANDLE_CLEAR_FLAG(hi, HELPING); - if (GetUserH(user->nick)) { - for (n=0; nnick)) user->loc = 1; if (hi) { @@ -1003,26 +999,28 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) send_message(other, nickserv, "NSMSG_CLONE_AUTH", user->nick, user->ident, user->hostname); } + /* Add this auth to users list of current auths */ user->next_authed = hi->users; hi->users = user; hi->lastseen = now; + /* Add to helpers list */ if (IsHelper(user)) userList_append(&curr_helpers, user); + /* Set the fakehost */ if (hi->fakehost || old_info) apply_fakehost(hi); if (stamp) { -#ifdef WITH_PROTOCOL_BAHAMUT - /* Stamp users with their account ID. */ - char id[IDLEN + 1]; - inttobase64(id, hi->id, IDLEN); -#elif WITH_PROTOCOL_P10 +#ifdef WITH_PROTOCOL_P10 /* Stamp users with their account name. */ char *id = hi->handle; #else const char *id = "???"; #endif + /* Mark all the nicks registered to this + * account as registered nicks + * - Why not just this one? -rubin */ if (!nickserv_conf.disable_nicks) { struct nick_info *ni; for (ni = hi->nicks; ni; ni = ni->next) { @@ -1032,15 +1030,23 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) } } } + /* send the account to the ircd */ StampUser(user, id, hi->registered); } + /* Stop trying to kick this user off their nick */ if ((ni = get_nick_info(user->nick)) && (ni->owner == hi)) timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN); } else { /* We cannot clear the user's account ID, unfortunately. */ user->next_authed = NULL; } + + /* Call auth handlers */ + if (GetUserH(user->nick)) { + for (n=0; n 15) { - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); return 0; } @@ -1065,8 +1073,20 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; cryptpass(passwd, crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + rc = ldap_do_add(handle, crypted, NULL); + if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) { + if(user) + send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif hi = register_handle(handle, crypted, 0); hi->masks = alloc_string_list(1); + hi->ignores = alloc_string_list(1); hi->users = NULL; hi->language = lang_C; hi->registered = now; @@ -1075,18 +1095,31 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha if (settee && !no_auth) set_user_handle_info(settee, hi, 1); - if (user != settee) + if (user != settee) { + if(user) send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS"); - else if (nickserv_conf.disable_nicks) + } + else if (nickserv_conf.disable_nicks) { + if(user) { send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); - else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) + } + } + else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); + } + } else { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if(user) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } - if (settee && (user != settee)) + if (settee && (user != settee)) { + if(user) { send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle); + } + } return hi; } @@ -1255,11 +1288,17 @@ nickserv_set_email_addr(struct handle_info *hi, const char *new_email_addr) static NICKSERV_FUNC(cmd_register) { + irc_in_addr_t ip; struct handle_info *hi; const char *email_addr, *password; char syncpass[MD5_CRYPT_LENGTH]; int no_auth, weblink; + if (checkDefCon(DEFCON_NO_NEW_NICKS) && !IsOper(user)) { + reply("NSMSG_DEFCON_NO_NEW_NICKS", nickserv_conf.disable_nicks ? "accounts" : "nicknames"); + return 0; + } + if (!IsOper(user) && !dict_size(nickserv_handle_dict)) { /* Require the first handle registered to belong to someone +o. */ reply("NSMSG_REQUIRE_OPER"); @@ -1286,6 +1325,8 @@ static NICKSERV_FUNC(cmd_register) NICKSERV_MIN_PARMS((unsigned)3 + nickserv_conf.email_required); + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[1]); if (!is_valid_handle(argv[1])) { reply("NSMSG_BAD_HANDLE", argv[1]); return 0; @@ -1348,7 +1389,7 @@ static NICKSERV_FUNC(cmd_register) string_list_append(hi->masks, strdup("*@*")); } else { string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); - if (user->ip.s_addr && user->hostname[strspn(user->hostname, "0123456789.")]) + if (irc_in_addr_is_valid(user->ip) && !irc_pton(&ip, NULL, user->hostname)) string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); } @@ -1359,8 +1400,25 @@ static NICKSERV_FUNC(cmd_register) } /* Set their email address. */ - if (email_addr) + if (email_addr) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email_addr); + } + } + else { + nickserv_set_email_addr(hi, email_addr); + } +#else nickserv_set_email_addr(hi, email_addr); +#endif + } /* If they need to do email verification, tell them. */ if (no_auth) @@ -1387,60 +1445,177 @@ static NICKSERV_FUNC(cmd_register) static NICKSERV_FUNC(cmd_oregister) { - char *mask; - struct userNode *settee; + struct userNode *settee = NULL; struct handle_info *hi; + char* account = NULL; + char* pass = NULL; + char* email = NULL; + char* mask = NULL; + char* nick = NULL; - NICKSERV_MIN_PARMS(nickserv_conf.email_required ? 5 : 4); - - if (!is_valid_handle(argv[1])) { - reply("NSMSG_BAD_HANDLE", argv[1]); - return 0; - } - + NICKSERV_MIN_PARMS(3); + + account = argv[1]; + pass = argv[2]; + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(account); if (nickserv_conf.email_required) { - if (!valid_email(argv[4])) { - reply("NSMSG_BAD_EMAIL_ADDR"); - return 0; + NICKSERV_MIN_PARMS(4); + email = argv[3]; + if (argc >= 5) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */ + if (strchr(argv[4], '@') || argc >= 6) /* If @, its mask not nick */ + mask = argv[4]; + else + nick = argv[4]; + } + if (argc >= 6) { + nick = argv[5]; } } - - if (strchr(argv[3], '@')) { - mask = canonicalize_hostmask(strdup(argv[3])); - if (argc > 4) { - settee = GetUserH(nickserv_conf.email_required ? argv[5] : argv[4]); - if (!settee) { - reply("MSG_NICK_UNKNOWN", nickserv_conf.email_required ? argv[5] : argv[4]); - free(mask); - return 0; - } - } else { - settee = NULL; - } - } else if ((settee = GetUserH(argv[3]))) { - mask = generate_hostmask(settee, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); - } else { - reply("NSMSG_REGISTER_BAD_NICKMASK", argv[3]); - return 0; + else { + if (argc >= 4) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */ + if (strchr(argv[3], '@') || argc >= 5) /* If @, its mask not nick */ + mask = argv[3]; + else + nick = argv[3]; + } + if (argc >= 5) { + nick = argv[4]; + } } + /* If they passed a nick, look for that user.. */ + if (nick && !(settee = GetUserH(nick))) { + reply("MSG_NICK_UNKNOWN", argv[4]); + return 0; + } + /* If the setee is already authed, we cant add a 2nd account for them.. */ if (settee && settee->handle_info) { reply("NSMSG_USER_PREV_AUTH", settee->nick); - free(mask); return 0; } - if (!(hi = nickserv_register(user, settee, argv[1], argv[2], 0))) { - if (nickserv_conf.email_required) { - nickserv_set_email_addr(hi, argv[4]); - if (nickserv_conf.sync_log) - SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, argv[4], user->info); + /* If there is no default mask in the conf, and they didn't pass a mask, + * but we did find a user by nick, generate the mask */ + if (!mask) { + if (nickserv_conf.default_hostmask) + mask = "*@*"; + else if (settee) + mask = generate_hostmask(settee, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); + else { + reply("NSMSG_REGISTER_BAD_NICKMASK"); + return 0; } - free(mask); - return 0; } - string_list_append(hi->masks, mask); + + if (!(hi = nickserv_register(user, settee, account, pass, 0))) { + return 0; /* error reply handled by above */ + } + if (email) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email); + } + } + else { + nickserv_set_email_addr(hi, email); + } +#else + nickserv_set_email_addr(hi, email); +#endif + } + if (mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + + if (nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info); /* Send just @ for email if none */ + return 1; +} + +static int +nickserv_ignore(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, char *mask) +{ + unsigned int i; + struct userNode *target; + char *new_mask = strdup(pretty_mask(mask)); + for (i=0; iignores->used; i++) { + if (!irccasecmp(new_mask, hi->ignores->list[i])) { + reply("NSMSG_ADDIGNORE_ALREADY", new_mask); + free(new_mask); + return 0; + } + } + string_list_append(hi->ignores, new_mask); + reply("NSMSG_ADDIGNORE_SUCCESS", new_mask); + + for (target = hi->users; target; target = target->next_authed) { + irc_silence(target, new_mask, 1); + } return 1; } +static NICKSERV_FUNC(cmd_addignore) +{ + NICKSERV_MIN_PARMS(2); + + return nickserv_ignore(cmd, user, user->handle_info, argv[1]); +} + +static NICKSERV_FUNC(cmd_oaddignore) +{ + struct handle_info *hi; + + NICKSERV_MIN_PARMS(3); + if (!(hi = get_victim_oper(cmd, user, argv[1]))) + return 0; + + return nickserv_ignore(cmd, user, hi, argv[2]); +} + +static int +nickserv_delignore(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, char *del_mask) +{ + unsigned int i; + struct userNode *target; + char *pmask = strdup(pretty_mask(del_mask)); + for (i=0; iignores->used; i++) { + if (!strcmp(pmask, hi->ignores->list[i]) || !strcmp(del_mask, hi->ignores->list[i])) { + char *old_mask = hi->ignores->list[i]; + hi->ignores->list[i] = hi->ignores->list[--hi->ignores->used]; + reply("NSMSG_DELMASK_SUCCESS", old_mask); + for (target = hi->users; target; target = target->next_authed) { + irc_silence(target, old_mask, 0); + } + free(old_mask); + free(pmask); + return 1; + } + } + reply("NSMSG_DELMASK_NOT_FOUND"); + return 0; +} + +static NICKSERV_FUNC(cmd_delignore) +{ + NICKSERV_MIN_PARMS(2); + return nickserv_delignore(cmd, user, user->handle_info, argv[1]); +} + +static NICKSERV_FUNC(cmd_odelignore) +{ + struct handle_info *hi; + NICKSERV_MIN_PARMS(3); + if (!(hi = get_victim_oper(cmd, user, argv[1]))) + return 0; + return nickserv_delignore(cmd, user, hi, argv[2]); +} + static NICKSERV_FUNC(cmd_handleinfo) { char buff[400]; @@ -1461,9 +1636,6 @@ static NICKSERV_FUNC(cmd_handleinfo) nsmsg_none = handle_find_message(hi, "MSG_NONE"); reply("NSMSG_HANDLEINFO_ON", hi->handle); reply("MSG_BAR"); -#ifdef WITH_PROTOCOL_BAHAMUT - reply("NSMSG_HANDLEINFO_ID", hi->id); -#endif reply("NSMSG_HANDLEINFO_REGGED", ctime(&hi->registered)); if (!hi->users) { @@ -1481,7 +1653,7 @@ static NICKSERV_FUNC(cmd_handleinfo) struct do_not_register *dnr; if ((dnr = chanserv_is_dnr(NULL, hi))) reply("NSMSG_HANDLEINFO_DNR", dnr->setter, dnr->reason); - if (!oper_outranks(user, hi)) + if (!oper_outranks(cmd, user, hi)) return 1; } else if (hi != user->handle_info) { reply("NSMSG_HANDLEINFO_END"); @@ -1585,6 +1757,26 @@ static NICKSERV_FUNC(cmd_handleinfo) reply("NSMSG_HANDLEINFO_MASKS", nsmsg_none); } + if (hi->ignores->used) { + for (i=0; i < hi->ignores->used; i++) { + herelen = strlen(hi->ignores->list[i]); + if (pos + herelen + 1 > ArrayLength(buff)) { + i--; + goto print_ignore_buff; + } + memcpy(buff+pos, hi->ignores->list[i], herelen); + pos += herelen; buff[pos++] = ' '; + if (i+1 == hi->ignores->used) { + print_ignore_buff: + buff[pos-1] = 0; + reply("NSMSG_HANDLEINFO_IGNORES", buff); + pos = 0; + } + } + } else { + reply("NSMSG_HANDLEINFO_IGNORES", nsmsg_none); + } + if (hi->channels) { struct userData *channel, *next; char *name; @@ -1666,11 +1858,13 @@ static NICKSERV_FUNC(cmd_rename_handle) { struct handle_info *hi; struct userNode *uNode; - char msgbuf[MAXLEN], *old_handle; + char *old_handle; unsigned int nn; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(user, argv[1]))) + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[2]); + if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; if (!is_valid_handle(argv[2])) { reply("NSMSG_FAIL_RENAME", argv[1], argv[2]); @@ -1685,14 +1879,21 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NMSG_HANDLE_TOLONG", argv[2], 15); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if( (rc = ldap_rename_account(hi->handle, argv[2])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif dict_remove2(nickserv_handle_dict, old_handle = hi->handle, 1); hi->handle = strdup(argv[2]); dict_insert(nickserv_handle_dict, hi->handle, hi); for (nn=0; nnhandle_info->handle, old_handle, hi->handle); - if (nickserv_conf.sync_log) { for (uNode = hi->users; uNode; uNode = uNode->next_authed) @@ -1702,7 +1903,9 @@ static NICKSERV_FUNC(cmd_rename_handle) } reply("NSMSG_HANDLE_CHANGED", old_handle, hi->handle); - global_message(MESSAGE_RECIPIENT_STAFF, msgbuf); + global_message_args(MESSAGE_RECIPIENT_OPERS, "NSMSG_ACCOUNT_RENAMED", + user->handle_info->handle, old_handle, hi->handle); + free(old_handle); return 1; } @@ -1738,9 +1941,66 @@ struct handle_info *loc_auth(char *handle, char *password) int wildmask = 0; struct handle_info *hi; struct userNode *other; +#ifdef WITH_LDAP + int ldap_result = LDAP_SUCCESS; + char *email = NULL; + +#endif hi = dict_find(nickserv_handle_dict, handle, NULL); - pw_arg = 2; + pw_arg = 2; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(handle, password); + if(ldap_result != LDAP_SUCCESS) { + return NULL; + } + } +// else +#else + if (!checkpass(password, hi->passwd)) { + return NULL; + } +#endif +#ifdef WITH_LDAP + if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + int rc; + + /* Add a *@* mask */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + return NULL; /* They dont have a *@* mask so they can't loc */ + + if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { + return 0; /* couldn't add the user for some reason */ + } + + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); + } +#endif + + /* Still no account, so just fail out */ if (!hi) { return NULL; } @@ -1760,19 +2020,17 @@ struct handle_info *loc_auth(char *handle, char *password) if(wildmask < 1) return NULL; - /* Responses from here on look up the language used by the handle they asked about. */ - if (!checkpass(password, hi->passwd)) { - return NULL; - } if (HANDLE_FLAGGED(hi, SUSPENDED)) { return NULL; } + maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; for (used = 0, other = hi->users; other; other = other->next_authed) { if (++used >= maxlogins) { return NULL; } } + /* TODO - Add LOGGING to this function so LOC's are logged.. */ return hi; } @@ -1782,6 +2040,10 @@ static NICKSERV_FUNC(cmd_auth) struct handle_info *hi; const char *passwd; struct userNode *other; +#ifdef WITH_LDAP + int ldap_result = LDAP_OTHER; + char *email = NULL; +#endif if (user->handle_info) { reply("NSMSG_ALREADY_AUTHED", user->handle_info->handle); @@ -1795,8 +2057,39 @@ static NICKSERV_FUNC(cmd_auth) return 0; } if (argc == 3) { +#ifdef WITH_LDAP + if(strchr(argv[1], '<') || strchr(argv[1], '>')) { + reply("NSMSG_NO_ANGLEBRACKETS"); + return 0; + } + if (!is_valid_handle(argv[1])) { + reply("NSMSG_BAD_HANDLE", argv[1]); + return 0; + } + + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(argv[1], argv[2]); + /* Get the users email address and update it */ + if(ldap_result == LDAP_SUCCESS) { + int rc; + if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc)); + return 0; + } + } + } + else if(ldap_result != LDAP_INVALID_CREDENTIALS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + } + +#endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; +#ifdef notdef } else if (argc == 2) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { @@ -1805,6 +2098,7 @@ static NICKSERV_FUNC(cmd_auth) } } else { /* try to look up their handle from their nick */ + /* TODO: handle ldap auth on nickserv style networks, too */ struct nick_info *ni; ni = get_nick_info(user->nick); if (!ni) { @@ -1814,14 +2108,47 @@ static NICKSERV_FUNC(cmd_auth) hi = ni->owner; } pw_arg = 1; +#endif } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); return 0; } if (!hi) { - reply("NSMSG_HANDLE_NOT_FOUND"); - return 0; +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + if(!(hi = nickserv_register(user, NULL, argv[1], argv[2], 0))) { + reply("NSMSG_UNABLE_TO_ADD"); + return 0; /* couldn't add the user for some reason */ + } + /* Add a *@* mask */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); + + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info); + } + else { +#endif + reply("NSMSG_HANDLE_NOT_FOUND"); + return 0; +#ifdef WITH_LDAP + } +#endif } /* Responses from here on look up the language used by the handle they asked about. */ passwd = argv[pw_arg]; @@ -1837,7 +2164,12 @@ static NICKSERV_FUNC(cmd_auth) argv[pw_arg] = "BADMASK"; return 1; } +#ifdef WITH_LDAP + if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { +#else if (!checkpass(passwd, hi->passwd)) { +#endif unsigned int n; send_message_type(4, user, cmd->parent->bot, handle_find_message(hi, "NSMSG_PASSWORD_INVALID")); @@ -2044,7 +2376,7 @@ static NICKSERV_FUNC(cmd_odelcookie) NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(user, argv[1]))) + if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; if (!hi->cookie) { @@ -2052,6 +2384,48 @@ static NICKSERV_FUNC(cmd_odelcookie) return 0; } + switch (hi->cookie->type) { + case ACTIVATION: + safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); + if (nickserv_conf.sync_log) + SyncLog("ACCOUNTACC %s", hi->handle); + break; + case PASSWORD_CHANGE: + safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); + if (nickserv_conf.sync_log) + SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); + break; + case EMAIL_CHANGE: + if (!hi->email_addr && nickserv_conf.sync_log) { + if (nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); + } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, hi->cookie->data); + } + } + else { + nickserv_set_email_addr(hi, hi->cookie->data); + } +#else + nickserv_set_email_addr(hi, hi->cookie->data); +#endif + if (nickserv_conf.sync_log) + SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); + break; + default: + reply("NSMSG_BAD_COOKIE_TYPE", hi->cookie->type); + log_module(NS_LOG, LOG_ERROR, "Bad cookie type %d for account %s.", hi->cookie->type, hi->handle); + break; + } + nickserv_eat_cookie(hi->cookie); reply("NSMSG_ATE_FOREIGN_COOKIE", hi->handle); @@ -2136,6 +2510,17 @@ static NICKSERV_FUNC(cmd_cookie) switch (hi->cookie->type) { case ACTIVATION: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); set_user_handle_info(user, hi, 1); reply("NSMSG_HANDLE_ACTIVATED"); @@ -2143,6 +2528,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("ACCOUNTACC %s", hi->handle); break; case PASSWORD_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif set_user_handle_info(user, hi, 1); safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); reply("NSMSG_PASSWORD_CHANGED"); @@ -2150,6 +2546,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); break; case EMAIL_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (!hi->email_addr && nickserv_conf.sync_log) { /* * This should only happen if an OREGISTER was sent. Require @@ -2158,6 +2565,7 @@ static NICKSERV_FUNC(cmd_cookie) if (nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); } + nickserv_set_email_addr(hi, hi->cookie->data); reply("NSMSG_EMAIL_CHANGED"); if (nickserv_conf.sync_log) @@ -2230,7 +2638,11 @@ static NICKSERV_FUNC(cmd_regnick) { static NICKSERV_FUNC(cmd_pass) { struct handle_info *hi; - const char *old_pass, *new_pass; + char *old_pass, *new_pass; + char crypted[MD5_CRYPT_LENGTH+1]; +#ifdef WITH_LDAP + int ldap_result; +#endif NICKSERV_MIN_PARMS(3); hi = user->handle_info; @@ -2238,12 +2650,36 @@ static NICKSERV_FUNC(cmd_pass) new_pass = argv[2]; argv[2] = "****"; if (!is_secure_password(hi->handle, new_pass, user)) return 0; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(hi->handle, old_pass); + if(ldap_result != LDAP_SUCCESS) { + if(ldap_result == LDAP_INVALID_CREDENTIALS) + reply("NSMSG_PASSWORD_INVALID"); + else + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + }else +#endif if (!checkpass(old_pass, hi->passwd)) { argv[1] = "BADPASS"; reply("NSMSG_PASSWORD_INVALID"); return 0; } - cryptpass(new_pass, hi->passwd); + cryptpass(new_pass, crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + //cryptpass(new_pass, hi->passwd); + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); argv[1] = "****"; @@ -2252,19 +2688,19 @@ static NICKSERV_FUNC(cmd_pass) } static int -nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask) +nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask) { unsigned int i; char *new_mask = canonicalize_hostmask(strdup(mask)); for (i=0; imasks->used; i++) { if (!irccasecmp(new_mask, hi->masks->list[i])) { - send_message(user, nickserv, "NSMSG_ADDMASK_ALREADY", new_mask); + reply("NSMSG_ADDMASK_ALREADY", new_mask); free(new_mask); return 0; } } string_list_append(hi->masks, new_mask); - send_message(user, nickserv, "NSMSG_ADDMASK_SUCCESS", new_mask); + reply("NSMSG_ADDMASK_SUCCESS", new_mask); return 1; } @@ -2272,7 +2708,7 @@ static NICKSERV_FUNC(cmd_addmask) { if (argc < 2) { char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); - int res = nickserv_addmask(user, user->handle_info, mask); + int res = nickserv_addmask(cmd, user, user->handle_info, mask); free(mask); return res; } else { @@ -2280,7 +2716,7 @@ static NICKSERV_FUNC(cmd_addmask) reply("NSMSG_MASK_INVALID", argv[1]); return 0; } - return nickserv_addmask(user, user->handle_info, argv[1]); + return nickserv_addmask(cmd, user, user->handle_info, argv[1]); } } @@ -2289,45 +2725,45 @@ static NICKSERV_FUNC(cmd_oaddmask) struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(user, argv[1]))) + if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; - return nickserv_addmask(user, hi, argv[2]); + return nickserv_addmask(cmd, user, hi, argv[2]); } static int -nickserv_delmask(struct userNode *user, struct handle_info *hi, const char *del_mask) +nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_mask) { unsigned int i; for (i=0; imasks->used; i++) { if (!strcmp(del_mask, hi->masks->list[i])) { char *old_mask = hi->masks->list[i]; if (hi->masks->used == 1) { - send_message(user, nickserv, "NSMSG_DELMASK_NOTLAST"); + reply("NSMSG_DELMASK_NOTLAST"); return 0; } hi->masks->list[i] = hi->masks->list[--hi->masks->used]; - send_message(user, nickserv, "NSMSG_DELMASK_SUCCESS", old_mask); + reply("NSMSG_DELMASK_SUCCESS", old_mask); free(old_mask); return 1; } } - send_message(user, nickserv, "NSMSG_DELMASK_NOT_FOUND"); + reply("NSMSG_DELMASK_NOT_FOUND"); return 0; } static NICKSERV_FUNC(cmd_delmask) { NICKSERV_MIN_PARMS(2); - return nickserv_delmask(user, user->handle_info, argv[1]); + return nickserv_delmask(cmd, user, user->handle_info, argv[1]); } static NICKSERV_FUNC(cmd_odelmask) { struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(user, argv[1]))) + if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; - return nickserv_delmask(user, hi, argv[2]); + return nickserv_delmask(cmd, user, hi, argv[2]); } int @@ -2405,24 +2841,24 @@ nickserv_apply_flags(struct userNode *user, struct handle_info *hi, const char * } static void -set_list(struct userNode *user, struct handle_info *hi, int override) +set_list(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, int override) { option_func_t *opt; unsigned int i; char *set_display[] = { "INFO", "WIDTH", "TABLEWIDTH", "COLOR", "PRIVMSG", "STYLE", "EMAIL", "ANNOUNCEMENTS", "AUTOHIDE", "MAXLOGINS", "LANGUAGE", - "FAKEHOST", "TITLE", "EPITHET" + "FAKEHOST", "TITLE", "EPITHET", "ADVANCED" }; - send_message(user, nickserv, "NSMSG_SETTING_LIST"); - send_message(user, nickserv, "NSMSG_SETTING_LIST_HEADER"); + reply("NSMSG_SETTING_LIST"); + reply("NSMSG_SETTING_LIST_HEADER"); /* Do this so options are presented in a consistent order. */ for (i = 0; i < ArrayLength(set_display); ++i) if ((opt = dict_find(nickserv_opt_dict, set_display[i], NULL))) - opt(user, hi, override, 0, NULL); - send_message(user, nickserv, "NSMSG_SETTING_LIST_END"); + opt(cmd, user, hi, override, 0, NULL); + reply("NSMSG_SETTING_LIST_END"); } static NICKSERV_FUNC(cmd_set) @@ -2432,14 +2868,14 @@ static NICKSERV_FUNC(cmd_set) hi = user->handle_info; if (argc < 2) { - set_list(user, hi, 0); + set_list(cmd, user, hi, 0); return 1; } if (!(opt = dict_find(nickserv_opt_dict, argv[1], NULL))) { reply("NSMSG_INVALID_OPTION", argv[1]); return 0; } - return opt(user, hi, 0, argc-1, argv+1); + return opt(cmd, user, hi, 0, argc-1, argv+1); } static NICKSERV_FUNC(cmd_oset) @@ -2449,11 +2885,11 @@ static NICKSERV_FUNC(cmd_oset) NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(user, argv[1]))) + if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; if (argc < 3) { - set_list(user, hi, 0); + set_list(cmd, user, hi, 0); return 1; } @@ -2462,7 +2898,7 @@ static NICKSERV_FUNC(cmd_oset) return 0; } - return opt(user, hi, 1, argc-2, argv+2); + return opt(cmd, user, hi, 1, argc-2, argv+2); } static OPTION_FUNC(opt_info) @@ -2478,7 +2914,7 @@ static OPTION_FUNC(opt_info) } info = hi->infoline ? hi->infoline : user_find_message(user, "MSG_NONE"); - send_message(user, nickserv, "NSMSG_SET_INFO", info); + reply("NSMSG_SET_INFO", info); return 1; } @@ -2492,7 +2928,7 @@ static OPTION_FUNC(opt_width) else if (hi->screen_width > MAX_LINE_SIZE) hi->screen_width = MAX_LINE_SIZE; - send_message(user, nickserv, "NSMSG_SET_WIDTH", hi->screen_width); + reply("NSMSG_SET_WIDTH", hi->screen_width); return 1; } @@ -2506,7 +2942,7 @@ static OPTION_FUNC(opt_tablewidth) else if (hi->screen_width > MAX_LINE_SIZE) hi->table_width = MAX_LINE_SIZE; - send_message(user, nickserv, "NSMSG_SET_TABLEWIDTH", hi->table_width); + reply("NSMSG_SET_TABLEWIDTH", hi->table_width); return 1; } @@ -2518,12 +2954,12 @@ static OPTION_FUNC(opt_color) else if (disabled_string(argv[1])) HANDLE_CLEAR_FLAG(hi, MIRC_COLOR); else { - send_message(user, nickserv, "MSG_INVALID_BINARY", argv[1]); + reply("MSG_INVALID_BINARY", argv[1]); return 0; } } - send_message(user, nickserv, "NSMSG_SET_COLOR", user_find_message(user, HANDLE_FLAGGED(hi, MIRC_COLOR) ? "MSG_ON" : "MSG_OFF")); + reply("NSMSG_SET_COLOR", user_find_message(user, HANDLE_FLAGGED(hi, MIRC_COLOR) ? "MSG_ON" : "MSG_OFF")); return 1; } @@ -2535,12 +2971,12 @@ static OPTION_FUNC(opt_privmsg) else if (disabled_string(argv[1])) HANDLE_CLEAR_FLAG(hi, USE_PRIVMSG); else { - send_message(user, nickserv, "MSG_INVALID_BINARY", argv[1]); + reply("MSG_INVALID_BINARY", argv[1]); return 0; } } - send_message(user, nickserv, "NSMSG_SET_PRIVMSG", user_find_message(user, HANDLE_FLAGGED(hi, USE_PRIVMSG) ? "MSG_ON" : "MSG_OFF")); + reply("NSMSG_SET_PRIVMSG", user_find_message(user, HANDLE_FLAGGED(hi, USE_PRIVMSG) ? "MSG_ON" : "MSG_OFF")); return 1; } @@ -2552,12 +2988,12 @@ static OPTION_FUNC(opt_autohide) else if (disabled_string(argv[1])) HANDLE_CLEAR_FLAG(hi, AUTOHIDE); else { - send_message(user, nickserv, "MSG_INVALID_BINARY", argv[1]); + reply("MSG_INVALID_BINARY", argv[1]); return 0; } } - send_message(user, nickserv, "NSMSG_SET_AUTOHIDE", user_find_message(user, HANDLE_FLAGGED(hi, AUTOHIDE) ? "MSG_ON" : "MSG_OFF")); + reply("NSMSG_SET_AUTOHIDE", user_find_message(user, HANDLE_FLAGGED(hi, AUTOHIDE) ? "MSG_ON" : "MSG_OFF")); return 1; } @@ -2570,6 +3006,8 @@ static OPTION_FUNC(opt_style) hi->userlist_style = HI_STYLE_CLEAN; else if (!irccasecmp(argv[1], "Advanced")) hi->userlist_style = HI_STYLE_ADVANCED; + else if (!irccasecmp(argv[1], "Classic")) + hi->userlist_style = HI_STYLE_CLASSIC; else /* Default to normal */ hi->userlist_style = HI_STYLE_NORMAL; } /* TODO: give error if unknow style is chosen */ @@ -2578,6 +3016,9 @@ static OPTION_FUNC(opt_style) case HI_STYLE_ADVANCED: style = "Advanced"; break; + case HI_STYLE_CLASSIC: + style = "Classic"; + break; case HI_STYLE_CLEAN: style = "Clean"; break; @@ -2586,7 +3027,7 @@ static OPTION_FUNC(opt_style) style = "Normal"; } - send_message(user, nickserv, "NSMSG_SET_STYLE", style); + reply("NSMSG_SET_STYLE", style); return 1; } @@ -2602,7 +3043,7 @@ static OPTION_FUNC(opt_announcements) else if (!strcmp(argv[1], "?") || !irccasecmp(argv[1], "default")) hi->announcements = '?'; else { - send_message(user, nickserv, "NSMSG_INVALID_ANNOUNCE", argv[1]); + reply("NSMSG_INVALID_ANNOUNCE", argv[1]); return 0; } } @@ -2613,24 +3054,36 @@ static OPTION_FUNC(opt_announcements) case '?': choice = "default"; break; default: choice = "unknown"; break; } - send_message(user, nickserv, "NSMSG_SET_ANNOUNCEMENTS", choice); + reply("NSMSG_SET_ANNOUNCEMENTS", choice); return 1; } static OPTION_FUNC(opt_password) { + char crypted[MD5_CRYPT_LENGTH+1]; + if(argc < 1) { + return 0; + } if (!override) { - send_message(user, nickserv, "NSMSG_USE_CMD_PASS"); + reply("NSMSG_USE_CMD_PASS"); return 0; } - if (argc > 1) - cryptpass(argv[1], hi->passwd); - + cryptpass(argv[1], crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); - send_message(user, nickserv, "NSMSG_SET_PASSWORD", "***"); + reply("NSMSG_SET_PASSWORD", "***"); return 1; } @@ -2640,7 +3093,7 @@ static OPTION_FUNC(opt_flags) unsigned int ii, flen; if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } @@ -2652,9 +3105,9 @@ static OPTION_FUNC(opt_flags) flags[flen++] = handle_flags[ii]; flags[flen] = '\0'; if (hi->flags) - send_message(user, nickserv, "NSMSG_SET_FLAGS", flags); + reply("NSMSG_SET_FLAGS", flags); else - send_message(user, nickserv, "NSMSG_SET_FLAGS", user_find_message(user, "MSG_NONE")); + reply("NSMSG_SET_FLAGS", user_find_message(user, "MSG_NONE")); return 1; } @@ -2663,25 +3116,34 @@ static OPTION_FUNC(opt_email) if (argc > 1) { const char *str; if (!valid_email(argv[1])) { - send_message(user, nickserv, "NSMSG_BAD_EMAIL_ADDR"); + reply("NSMSG_BAD_EMAIL_ADDR"); return 0; } if ((str = sendmail_prohibited_address(argv[1]))) { - send_message(user, nickserv, "NSMSG_EMAIL_PROHIBITED", argv[1], str); + reply("NSMSG_EMAIL_PROHIBITED", argv[1], str); return 0; } if (hi->email_addr && !irccasecmp(hi->email_addr, argv[1])) - send_message(user, nickserv, "NSMSG_EMAIL_SAME"); + reply("NSMSG_EMAIL_SAME"); else if (!override) nickserv_make_cookie(user, hi, EMAIL_CHANGE, argv[1], 0); else { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif nickserv_set_email_addr(hi, argv[1]); if (hi->cookie) nickserv_eat_cookie(hi->cookie); - send_message(user, nickserv, "NSMSG_SET_EMAIL", visible_email_addr(user, hi)); + reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi)); } } else - send_message(user, nickserv, "NSMSG_SET_EMAIL", visible_email_addr(user, hi)); + reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi)); return 1; } @@ -2691,13 +3153,30 @@ static OPTION_FUNC(opt_maxlogins) if (argc > 1) { maxlogins = strtoul(argv[1], NULL, 0); if ((maxlogins > nickserv_conf.hard_maxlogins) && !override) { - send_message(user, nickserv, "NSMSG_BAD_MAX_LOGINS", nickserv_conf.hard_maxlogins); + reply("NSMSG_BAD_MAX_LOGINS", nickserv_conf.hard_maxlogins); return 0; } hi->maxlogins = maxlogins; } maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; - send_message(user, nickserv, "NSMSG_SET_MAXLOGINS", maxlogins); + reply("NSMSG_SET_MAXLOGINS", maxlogins); + return 1; +} + +static OPTION_FUNC(opt_advanced) +{ + if (argc > 1) { + if (enabled_string(argv[1])) + HANDLE_SET_FLAG(hi, ADVANCED); + else if (disabled_string(argv[1])) + HANDLE_CLEAR_FLAG(hi, ADVANCED); + else { + reply("MSG_INVALID_BINARY", argv[1]); + return 0; + } + } + + reply("NSMSG_SET_ADVANCED", user_find_message(user, HANDLE_FLAGGED(hi, ADVANCED) ? "MSG_ON" : "MSG_OFF")); return 1; } @@ -2707,13 +3186,14 @@ static OPTION_FUNC(opt_language) if (argc > 1) { lang = language_find(argv[1]); if (irccasecmp(lang->name, argv[1])) - send_message(user, nickserv, "NSMSG_LANGUAGE_NOT_FOUND", argv[1], lang->name); + reply("NSMSG_LANGUAGE_NOT_FOUND", argv[1], lang->name); hi->language = lang; } - send_message(user, nickserv, "NSMSG_SET_LANGUAGE", hi->language->name); + reply("NSMSG_SET_LANGUAGE", hi->language->name); return 1; } +/* Called from opserv from cmd_access */ int oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_info *target, unsigned int new_level) { if (!oper_has_access(user, bot, nickserv_conf.modoper_level, 0)) @@ -2734,6 +3214,19 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i send_message(user, bot, "MSG_STUPID_ACCESS_CHANGE"); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { + int rc; + if(new_level > 0) + rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); + else + rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { + send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (target->opserv_level == new_level) return 0; log_module(NS_LOG, LOG_INFO, "Account %s setting oper level for account %s to %d (from %d).", @@ -2747,12 +3240,12 @@ static OPTION_FUNC(opt_level) int res; if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } res = (argc > 1) ? oper_try_set_access(user, nickserv, hi, strtoul(argv[1], NULL, 0)) : 0; - send_message(user, nickserv, "NSMSG_SET_LEVEL", hi->opserv_level); + reply("NSMSG_SET_LEVEL", hi->opserv_level); return res; } @@ -2760,8 +3253,10 @@ static OPTION_FUNC(opt_epithet) { if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_epithet_level, 0)) { char *epithet; + struct userNode *target, *next_un; + if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } @@ -2773,40 +3268,56 @@ static OPTION_FUNC(opt_epithet) hi->epithet = NULL; else hi->epithet = strdup(epithet); + + for (target = hi->users; target; target = next_un) { + irc_swhois(nickserv, target, hi->epithet); + + next_un = target->next_authed; + } } if (hi->epithet) - send_message(user, nickserv, "NSMSG_SET_EPITHET", hi->epithet); + reply("NSMSG_SET_EPITHET", hi->epithet); else - send_message(user, nickserv, "NSMSG_SET_EPITHET", user_find_message(user, "MSG_NONE")); + reply("NSMSG_SET_EPITHET", user_find_message(user, "MSG_NONE")); return 1; } static OPTION_FUNC(opt_title) { - const char *title; + char *title; + const char *none; + char *sptr; if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_title_level, 0)) { if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } title = argv[1]; - if (strchr(title, '.')) { - send_message(user, nickserv, "NSMSG_TITLE_INVALID"); - return 0; - } - if ((strlen(user->handle_info->handle) + strlen(title) + - strlen(nickserv_conf.titlehost_suffix) + 2) > HOSTLEN) { - send_message(user, nickserv, "NSMSG_TITLE_TRUNCATED"); - return 0; - } - - free(hi->fakehost); - if (!strcmp(title, "*")) { + if(!strcmp(title, "*")) { + free(hi->fakehost); hi->fakehost = NULL; - } else { + } + else { + if (strchr(title, '.')) { + reply("NSMSG_TITLE_INVALID"); + return 0; + } + /* Alphanumeric titles only. */ + for(sptr = title; *sptr; sptr++) { + if(!isalnum(*sptr) && *sptr != '-') { + reply("NSMSG_TITLE_INVALID"); + return 0; + } + } + if ((strlen(user->handle_info->handle) + strlen(title) + + strlen(nickserv_conf.titlehost_suffix) + 2) > HOSTLEN) { + reply("NSMSG_TITLE_TRUNCATED"); + return 0; + } + free(hi->fakehost); hi->fakehost = malloc(strlen(title)+2); hi->fakehost[0] = '.'; strcpy(hi->fakehost+1, title); @@ -2814,48 +3325,147 @@ static OPTION_FUNC(opt_title) apply_fakehost(hi); } else if (hi->fakehost && (hi->fakehost[0] == '.')) title = hi->fakehost + 1; - else - title = NULL; + else { + /* If theres no title set then the default title will therefore + be the first part of hidden_host in x3.conf, so for + consistency with opt_fakehost we will print this here. + This isnt actually used in P10, its just handled to keep from crashing... */ + char *hs, *hidden_suffix, *rest; + + hs = conf_get_data("server/hidden_host", RECDB_QSTRING); + hidden_suffix = strdup(hs); + + /* Yes we do this twice */ + if((rest = strchr(hidden_suffix, '.'))) + { + *rest = '\0'; + title = hidden_suffix; + } + else + { + /* A lame default if someone configured hidden_host to something lame */ + title = strdup("users"); + free(hidden_suffix); + } + + } + if (!title) - title = user_find_message(user, "MSG_NONE"); - send_message(user, nickserv, "NSMSG_SET_TITLE", title); + none = user_find_message(user, "MSG_NONE"); + send_message(user, nickserv, "NSMSG_SET_TITLE", title ? title : none); return 1; } +int +check_vhost(char *vhost, struct userNode *user, struct svccmd *cmd) +{ + unsigned int y; + + // check for a dot in the vhost + if(strchr(vhost, '.') == NULL) { + reply("NSMSG_NOT_VALID_FAKEHOST_DOT", vhost); + return 0; + } + + // check for a @ in the vhost + if(strchr(vhost, '@') != NULL) { + reply("NSMSG_NOT_VALID_FAKEHOST_AT", vhost); + return 0; + } + + // check for denied words, inspired by monk at paki.sex + for(y = 0; y < nickserv_conf.denied_fakehost_words->used; y++) { + if(strstr(vhost, nickserv_conf.denied_fakehost_words->list[y]) != NULL) { + reply("NSMSG_DENIED_FAKEHOST_WORD", vhost, nickserv_conf.denied_fakehost_words->list[y]); + return 0; + } + } + + // check for ircu's HOSTLEN length. + if(strlen(vhost) >= HOSTLEN) { + reply("NSMSG_NOT_VALID_FAKEHOST_LEN", vhost); + return 0; + } + + /* This can be handled by the regex now if desired. + if (vhost[strspn(vhost, "0123456789.")]) { + hostname = vhost + strlen(vhost); + for (depth = 1; depth && (hostname > vhost); depth--) { + hostname--; + while ((hostname > vhost) && (*hostname != '.')) hostname--; + } + + if (*hostname == '.') hostname++; * advance past last dot we saw * + if(strlen(hostname) > 4) { + reply("NSMSG_NOT_VALID_FAKEHOST_TLD_LEN", vhost); + return 0; + } + } + */ + /* test either regex or as valid handle */ + if (nickserv_conf.valid_fakehost_regex_set) { + int err = regexec(&nickserv_conf.valid_fakehost_regex, vhost, 0, 0, 0); + if (err) { + char buff[256]; + buff[regerror(err, &nickserv_conf.valid_fakehost_regex, buff, sizeof(buff))] = 0; + log_module(NS_LOG, LOG_INFO, "regexec error: %s (%d)", buff, err); + } + if(err == REG_NOMATCH) { + reply("NSMSG_NOT_VALID_FAKEHOST_REGEX", vhost); + return 0; + } + } + + + return 1; +} + static OPTION_FUNC(opt_fakehost) { const char *fake; if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_fakehost_level, 0)) { if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } fake = argv[1]; if ((strlen(fake) > HOSTLEN) || (fake[0] == '.')) { - send_message(user, nickserv, "NSMSG_FAKEHOST_INVALID", HOSTLEN); + reply("NSMSG_FAKEHOST_INVALID", HOSTLEN); return 0; } - free(hi->fakehost); - if (!strcmp(fake, "*")) - hi->fakehost = NULL; - else + if (!strcmp(fake, "*")) { + if(hi->fakehost) { + free(hi->fakehost); + hi->fakehost = NULL; + } + } + else if (!check_vhost(argv[1], user, cmd)) { + /* check_vhost takes care of error reply */ + return 0; + } + else { + if(hi->fakehost) + free(hi->fakehost); hi->fakehost = strdup(fake); - fake = hi->fakehost; + } apply_fakehost(hi); + fake = hi->fakehost; } else fake = generate_fakehost(hi); + + /* Tell them we set the host */ if (!fake) fake = user_find_message(user, "MSG_NONE"); - send_message(user, nickserv, "NSMSG_SET_FAKEHOST", fake); + reply("NSMSG_SET_FAKEHOST", fake); return 1; } static OPTION_FUNC(opt_note) { if (!override) { - send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + reply("MSG_SETTING_PRIVILEGED", argv[0]); return 0; } @@ -2873,7 +3483,7 @@ static OPTION_FUNC(opt_note) } } - send_message(user, nickserv, "NSMSG_SET_NOTE", hi->note->note); + reply("NSMSG_SET_NOTE", hi->note ? hi->note->note : user_find_message(user, "MSG_NONE")); return 1; } @@ -2963,8 +3573,10 @@ static NICKSERV_FUNC(cmd_unregister) passwd = argv[1]; argv[1] = "****"; if (checkpass(passwd, hi->passwd)) { - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else + return 0; } else { log_module(NS_LOG, LOG_INFO, "Account '%s' tried to unregister with the wrong password.", hi->handle); reply("NSMSG_PASSWORD_INVALID"); @@ -2977,10 +3589,12 @@ static NICKSERV_FUNC(cmd_ounregister) struct handle_info *hi; NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(user, argv[1]))) + if (!(hi = get_victim_oper(cmd, user, argv[1]))) + return 0; + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else return 0; - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; } static NICKSERV_FUNC(cmd_status) @@ -3043,9 +3657,6 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { for (it = dict_first(nickserv_handle_dict); it; it = iter_next(it)) { hi = iter_data(it); -#ifdef WITH_PROTOCOL_BAHAMUT - assert(hi->id); -#endif saxdb_start_record(ctx, iter_key(it), 0); if (hi->announcements != '?') { flags[0] = hi->announcements; @@ -3096,9 +3707,6 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { flags[flen] = 0; saxdb_write_string(ctx, KEY_FLAGS, flags); } -#ifdef WITH_PROTOCOL_BAHAMUT - saxdb_write_int(ctx, KEY_ID, hi->id); -#endif if (hi->infoline) saxdb_write_string(ctx, KEY_INFO, hi->infoline); if (hi->last_quit_host[0]) @@ -3106,6 +3714,8 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { saxdb_write_int(ctx, KEY_LAST_SEEN, hi->lastseen); if (hi->masks->used) saxdb_write_string_list(ctx, KEY_MASKS, hi->masks); + if (hi->ignores->used) + saxdb_write_string_list(ctx, KEY_IGNORES, hi->ignores); if (hi->maxlogins) saxdb_write_int(ctx, KEY_MAXLOGINS, hi->maxlogins); if (hi->nicks) { @@ -3133,6 +3743,7 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { saxdb_write_string(ctx, KEY_USERLIST_STYLE, flags); saxdb_end_record(ctx); } + return 0; } @@ -3160,13 +3771,12 @@ static NICKSERV_FUNC(cmd_merge) struct userNode *last_user; struct userData *cList, *cListNext; unsigned int ii, jj, n; - char buffer[MAXLEN]; NICKSERV_MIN_PARMS(3); - if (!(hi_from = get_victim_oper(user, argv[1]))) + if (!(hi_from = get_victim_oper(cmd, user, argv[1]))) return 0; - if (!(hi_to = get_victim_oper(user, argv[2]))) + if (!(hi_to = get_victim_oper(cmd, user, argv[2]))) return 0; if (hi_to == hi_from) { reply("NSMSG_CANNOT_MERGE_SELF", hi_to->handle); @@ -3197,6 +3807,16 @@ static NICKSERV_FUNC(cmd_merge) string_list_append(hi_to->masks, strdup(mask)); } + /* Merge the ignores. */ + for (ii=0; iiignores->used; ii++) { + char *ignore = hi_from->ignores->list[ii]; + for (jj=0; jjignores->used; jj++) + if (match_ircglobs(hi_to->ignores->list[jj], ignore)) + break; + if (jj==hi_to->ignores->used) /* Nothing from the "to" handle covered this mask, so add it. */ + string_list_append(hi_to->ignores, strdup(ignore)); + } + /* Merge the lists of authed users. */ if (hi_to->users) { for (last_user=hi_to->users; last_user->next_authed; last_user=last_user->next_authed) ; @@ -3261,12 +3881,15 @@ static NICKSERV_FUNC(cmd_merge) hi_to->fakehost = strdup(hi_from->fakehost); /* Notify of success. */ - sprintf(buffer, "%s (%s) merged account %s into %s.", user->nick, user->handle_info->handle, hi_from->handle, hi_to->handle); reply("NSMSG_HANDLES_MERGED", hi_from->handle, hi_to->handle); - global_message(MESSAGE_RECIPIENT_STAFF, buffer); + global_message_args(MESSAGE_RECIPIENT_OPERS, "NSMSG_ACCOUNT_MERGED", user->nick, + user->handle_info->handle, hi_from->handle, hi_to->handle); /* Unregister the "from" handle. */ nickserv_unregister_handle(hi_from, NULL, cmd->parent->bot); + /* TODO: fix it so that if the ldap delete in nickserv_unregister_handle fails, + * the process isn't completed. + */ return 1; } @@ -3281,6 +3904,9 @@ struct nickserv_discrim { const char *hostmask; const char *handlemask; const char *emailmask; +#ifdef WITH_LDAP + unsigned int inldap; +#endif }; typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi); @@ -3293,7 +3919,7 @@ struct discrim_apply_info { }; static struct nickserv_discrim * -nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) +nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int argc, char *argv[]) { unsigned int i; struct nickserv_discrim *discrim; @@ -3306,10 +3932,13 @@ nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) discrim->min_registered = 0; discrim->max_registered = INT_MAX; discrim->lastseen = now; +#ifdef WITH_LDAP + discrim->inldap = 2; +#endif for (i=0; imax_registered = now - ParseInterval(cmp+1) - 1; } } else { - send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp); + reply("MSG_INVALID_CRITERIA", cmp); } } else if (!irccasecmp(argv[i], "seen")) { discrim->lastseen = now - ParseInterval(argv[++i]); @@ -3343,25 +3972,25 @@ nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) i++; if (!irccasecmp(argv[i], "exact")) { if (i == argc - 1) { - send_message(user, nickserv, "MSG_MISSING_PARAMS", argv[i]); + reply("MSG_MISSING_PARAMS", argv[i]); goto fail; } discrim->hostmask_type = EXACT; } else if (!irccasecmp(argv[i], "subset")) { if (i == argc - 1) { - send_message(user, nickserv, "MSG_MISSING_PARAMS", argv[i]); + reply("MSG_MISSING_PARAMS", argv[i]); goto fail; } discrim->hostmask_type = SUBSET; } else if (!irccasecmp(argv[i], "superset")) { if (i == argc - 1) { - send_message(user, nickserv, "MSG_MISSING_PARAMS", argv[i]); + reply("MSG_MISSING_PARAMS", argv[i]); goto fail; } discrim->hostmask_type = SUPERSET; } else if (!irccasecmp(argv[i], "lastquit") || !irccasecmp(argv[i], "lastauth")) { if (i == argc - 1) { - send_message(user, nickserv, "MSG_MISSING_PARAMS", argv[i]); + reply("MSG_MISSING_PARAMS", argv[i]); goto fail; } discrim->hostmask_type = LASTQUIT; @@ -3370,7 +3999,7 @@ nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) discrim->hostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) { + } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; } else { @@ -3378,7 +4007,7 @@ nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) } } else if (!irccasecmp(argv[i], "email")) { if (user->handle_info->opserv_level < nickserv_conf.email_search_level) { - send_message(user, nickserv, "MSG_NO_SEARCH_ACCESS", "email"); + reply("MSG_NO_SEARCH_ACCESS", "email"); goto fail; } else if (!irccasecmp(argv[++i], "*")) { discrim->emailmask = 0; @@ -3403,10 +4032,23 @@ nickserv_discrim_create(struct userNode *user, unsigned int argc, char *argv[]) discrim->min_level = strtoul(cmp+1, NULL, 0) + 1; } } else { - send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp); + reply("MSG_INVALID_CRITERIA", cmp); } - } else { - send_message(user, nickserv, "MSG_INVALID_CRITERIA", argv[i]); +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif + } else { + reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; } } @@ -3453,6 +4095,17 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) } if (!nick) return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && discrim->inldap != 2) { + int rc; + rc = ldap_get_user_info(hi->handle, NULL); + if(discrim->inldap == 1 && rc != LDAP_SUCCESS) + return 0; + if(discrim->inldap == 0 && rc == LDAP_SUCCESS) + return 0; + } + +#endif return 1; } @@ -3492,6 +4145,20 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +static void +search_add2ldap_func (struct userNode *source, struct handle_info *match) +{ +#ifdef WITH_LDAP + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } + } +#endif +} + static int nickserv_sort_accounts_by_access(const void *a, const void *b) { @@ -3520,7 +4187,7 @@ nickserv_show_oper_accounts(struct userNode *user, struct svccmd *cmd) qsort(hil.list, hil.used, sizeof(hil.list[0]), nickserv_sort_accounts_by_access); tbl.length = hil.used + 1; tbl.width = 2; - tbl.flags = TABLE_NO_FREE; + tbl.flags = TABLE_NO_FREE | TABLE_REPEAT_ROWS | TABLE_REPEAT_HEADERS; tbl.contents = malloc(tbl.length * sizeof(tbl.contents[0])); tbl.contents[0] = ary = malloc(tbl.width * sizeof(ary[0])); ary[0] = "Account"; @@ -3532,7 +4199,7 @@ nickserv_show_oper_accounts(struct userNode *user, struct svccmd *cmd) tbl.contents[++ii] = ary; } table_send(cmd->parent->bot, user->nick, 0, NULL, tbl); - reply("MSG_MATCH_COUNT", hil.used); + /*reply("MSG_MATCH_COUNT", hil.used); */ for (ii = 0; ii < hil.used; ii++) free(tbl.contents[ii]); free(tbl.contents); @@ -3556,6 +4223,10 @@ static NICKSERV_FUNC(cmd_search) action = search_count_func; else if (!irccasecmp(argv[1], "unregister")) action = search_unregister_func; +#ifdef WITH_LDAP + else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap")) + action = search_add2ldap_func; +#endif else { reply("NSMSG_INVALID_ACTION", argv[1]); return 0; @@ -3564,7 +4235,7 @@ static NICKSERV_FUNC(cmd_search) if (subcmd && !svccmd_can_invoke(user, nickserv, subcmd, NULL, SVCCMD_NOISY)) return 0; - discrim = nickserv_discrim_create(user, argc-2, argv+2); + discrim = nickserv_discrim_create(cmd, user, argc-2, argv+2); if (!discrim) return 0; @@ -3602,10 +4273,10 @@ static MODCMD_FUNC(cmd_checkpass) } static void -nickserv_db_read_handle(const char *handle, dict_t obj) +nickserv_db_read_handle(char *handle, dict_t obj) { const char *str; - struct string_list *masks, *slist; + struct string_list *masks, *slist, *ignores; struct handle_info *hi; struct userNode *authed_users; struct userData *channels; @@ -3632,6 +4303,8 @@ nickserv_db_read_handle(const char *handle, dict_t obj) authed_users = NULL; channels = NULL; } + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(handle); hi = register_handle(handle, str, id); if (authed_users) { hi->users = authed_users; @@ -3643,6 +4316,8 @@ nickserv_db_read_handle(const char *handle, dict_t obj) hi->channels = channels; masks = database_get_data(obj, KEY_MASKS, RECDB_STRING_LIST); hi->masks = masks ? string_list_copy(masks) : alloc_string_list(1); + ignores = database_get_data(obj, KEY_IGNORES, RECDB_STRING_LIST); + hi->ignores = ignores ? string_list_copy(ignores) : alloc_string_list(1); str = database_get_data(obj, KEY_MAXLOGINS, RECDB_QSTRING); hi->maxlogins = str ? strtoul(str, NULL, 0) : 0; str = database_get_data(obj, KEY_LANGUAGE, RECDB_QSTRING); @@ -3703,6 +4378,7 @@ nickserv_db_read_handle(const char *handle, dict_t obj) str = database_get_data(obj, KEY_FAKEHOST, RECDB_QSTRING); if (str) hi->fakehost = strdup(str); + subdb = database_get_data(obj, KEY_COOKIE, RECDB_OBJECT); if (subdb) { const char *data, *type, *expires, *cookie_str; @@ -3748,10 +4424,13 @@ static int nickserv_saxdb_read(dict_t db) { dict_iterator_t it; struct record_data *rd; + char *handle; for (it=dict_first(db); it; it=iter_next(it)) { rd = iter_data(it); - nickserv_db_read_handle(iter_key(it), rd->d.object); + handle = strdup(iter_key(it)); + nickserv_db_read_handle(handle, rd->d.object); + free(handle); } return 0; } @@ -3848,6 +4527,7 @@ nickserv_conf_read(void) dict_t conf_node, child; const char *str; dict_iterator_t it; + struct string_list *strlist; if (!(conf_node = conf_get_data(NICKSERV_CONF_NAME, RECDB_OBJECT))) { log_module(NS_LOG, LOG_ERROR, "config node `%s' is missing or has wrong type.", NICKSERV_CONF_NAME); @@ -3875,6 +4555,16 @@ nickserv_conf_read(void) } else { nickserv_conf.valid_nick_regex_set = 0; } + str = database_get_data(conf_node, KEY_VALID_FAKEHOST_REGEX, RECDB_QSTRING); + if (nickserv_conf.valid_fakehost_regex_set) + regfree(&nickserv_conf.valid_fakehost_regex); + if (str) { + int err = regcomp(&nickserv_conf.valid_fakehost_regex, str, REG_EXTENDED|REG_ICASE|REG_NOSUB); + nickserv_conf.valid_fakehost_regex_set = !err; + if (err) log_module(NS_LOG, LOG_ERROR, "Bad valid_fakehost_regex (error %d)", err); + } else { + nickserv_conf.valid_fakehost_regex_set = 0; + } str = database_get_data(conf_node, KEY_NICKS_PER_HANDLE, RECDB_QSTRING); if (!str) str = database_get_data(conf_node, KEY_NICKS_PER_ACCOUNT, RECDB_QSTRING); @@ -3980,6 +4670,17 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_TITLEHOST_SUFFIX, RECDB_QSTRING); nickserv_conf.titlehost_suffix = str ? str : "example.net"; + free_string_list(nickserv_conf.denied_fakehost_words); + strlist = database_get_data(conf_node, KEY_DENIED_FAKEHOST_WORDS, RECDB_STRING_LIST); + if(strlist) + strlist = string_list_copy(strlist); + else { + strlist = alloc_string_list(4); + string_list_append(strlist, strdup("sex")); + string_list_append(strlist, strdup("fuck")); + } + nickserv_conf.denied_fakehost_words = strlist; + str = database_get_data(conf_node, KEY_DEFAULT_STYLE, RECDB_QSTRING); nickserv_conf.default_style = str ? str[0] : HI_DEFAULT_STYLE; @@ -3999,6 +4700,74 @@ nickserv_conf_read(void) child = database_get_data(conf_node, KEY_AUTH_POLICER, RECDB_OBJECT); for (it=dict_first(child); it; it=iter_next(it)) set_policer_param(iter_key(it), iter_data(it), nickserv_conf.auth_policer_params); + + str = database_get_data(conf_node, KEY_LDAP_ENABLE, RECDB_QSTRING); + nickserv_conf.ldap_enable = str ? strtoul(str, NULL, 0) : 0; + + str = database_get_data(conf_node, KEY_FORCE_HANDLES_LOWERCASE, RECDB_QSTRING); + nickserv_conf.force_handles_lowercase = str ? strtol(str, NULL, 0) : 0; + +#ifndef WITH_LDAP + if(nickserv_conf.ldap_enable > 0) { + /* ldap is enabled but not compiled in - error out */ + log_module(MAIN_LOG, LOG_ERROR, "ldap is enabled in config, but not compiled in!"); + nickserv_conf.ldap_enable = 0; + sleep(5); + } +#endif + +#ifdef WITH_LDAP + str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING); + nickserv_conf.ldap_uri = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING); + nickserv_conf.ldap_base = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_DN_FMT, RECDB_QSTRING); + nickserv_conf.ldap_dn_fmt = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_VERSION, RECDB_QSTRING); + nickserv_conf.ldap_version = str ? strtoul(str, NULL, 0) : 3; + + str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING); + nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0; + + str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING); + nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5; + + str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING); + nickserv_conf.ldap_admin_dn = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_ADMIN_PASS, RECDB_QSTRING); + nickserv_conf.ldap_admin_pass = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_ACCOUNT, RECDB_QSTRING); + nickserv_conf.ldap_field_account = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_PASSWORD, RECDB_QSTRING); + nickserv_conf.ldap_field_password = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING); + nickserv_conf.ldap_field_email = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_dn = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); + nickserv_conf.ldap_field_group_member = str ? str : ""; + + free_string_list(nickserv_conf.ldap_object_classes); + strlist = database_get_data(conf_node, KEY_LDAP_OBJECT_CLASSES, RECDB_STRING_LIST); + if(strlist) + strlist = string_list_copy(strlist); + else { + strlist = alloc_string_list(4); + string_list_append(strlist, strdup("top")); + } + nickserv_conf.ldap_object_classes = strlist; + +#endif + } static void @@ -4175,6 +4944,7 @@ nickserv_db_cleanup(void) void init_nickserv(const char *nick) { + struct chanNode *chan; unsigned int i; NS_LOG = log_register_type("NickServ", "file:nickserv.log"); reg_new_user_func(handle_new_user); @@ -4192,6 +4962,7 @@ init_nickserv(const char *nick) conf_register_reload(nickserv_conf_read); nickserv_opt_dict = dict_new(); nickserv_email_dict = dict_new(); + dict_set_free_keys(nickserv_email_dict, free); dict_set_free_data(nickserv_email_dict, nickserv_free_email_addr); @@ -4236,6 +5007,11 @@ init_nickserv(const char *nick) dict_insert(nickserv_opt_dict, "EMAIL", opt_email); } nickserv_define_func("GHOST", cmd_ghost, -1, 1, 0); + /* ignore commands */ + nickserv_define_func("ADDIGNORE", cmd_addignore, -1, 1, 0); + nickserv_define_func("OADDIGNORE", cmd_oaddignore, 0, 1, 0); + nickserv_define_func("DELIGNORE", cmd_delignore, -1, 1, 0); + nickserv_define_func("ODELIGNORE", cmd_odelignore, 0, 1, 0); /* miscellaneous commands */ nickserv_define_func("STATUS", cmd_status, -1, 0, 0); nickserv_define_func("SEARCH", cmd_search, 100, 1, 0); @@ -4263,6 +5039,7 @@ init_nickserv(const char *nick) } dict_insert(nickserv_opt_dict, "ANNOUNCEMENTS", opt_announcements); dict_insert(nickserv_opt_dict, "MAXLOGINS", opt_maxlogins); + dict_insert(nickserv_opt_dict, "ADVANCED", opt_advanced); dict_insert(nickserv_opt_dict, "LANGUAGE", opt_language); nickserv_handle_dict = dict_new(); @@ -4288,5 +5065,16 @@ init_nickserv(const char *nick) reg_exit_func(nickserv_db_cleanup); if(nickserv_conf.handle_expire_frequency) timeq_add(now + nickserv_conf.handle_expire_frequency, expire_handles, NULL); + + if(autojoin_channels && nickserv) { + for (i = 0; i < autojoin_channels->used; i++) { + chan = AddChannel(autojoin_channels->list[i], now, "+nt", NULL, NULL); + AddChannelUser(nickserv, chan)->modes |= MODE_CHANOP; + } + } +#ifdef WITH_LDAP + ldap_do_init(nickserv_conf); +#endif + message_register_table(msgtab); }